Have You Been Hacked?

  • Don't think they are just rumors....;-)

  • arnipetursson (10/30/2014)


    Don't think they are just rumors....;-)

    Well, that hardly seems sporting of them. The PRC talks peace buts seems to be preparing for war -- cyberwar.

  • Please don't turn this into a "PRC are attacking us" thread. There are plenty of governments, mine included (UK), which are performing various nefarious activities online. I am not religious but I think that the various holy books contain a great deal of wisdom. In this case "let he without sin cast the first stone" i.e. don't have ago at PRC when ones own government are carrying out similar operations.

    Are PRC guilty? I think so but I do think that it is probably matched by what occurs at Langley, Virginia and The Doughnut, Cheltenham.

    (Yeah, suck on that all other nations. Our spies are so terrifying they work in...The Doughnut!!! Why do they call it that? Because it sound scary like a high carb, high sugar, high fat snack attack!!!)

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • dbishop (10/30/2014)


    Yes they are, or are browsing as part of their job. Like when I go into a Best Buy and tell them I can buy product X on Amazon for $100 cheaper, they will browse to the Amazon site to verify. And I am sure that with that capability, they are using it for other things.

    A POS terminal with open USB port, internet connectivity, or unencrypted wifi is just plain stupid. I'd expect to that at a small owner operated shop (where I prefer to use cash), but not at a national retailer.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Gary Varga (10/31/2014)


    Please don't turn this into a "PRC are attacking us" thread. There are plenty of governments, mine included (UK), which are performing various nefarious activities online. I am not religious but I think that the various holy books contain a great deal of wisdom. In this case "let he without sin cast the first stone" i.e. don't have ago at PRC when ones own government are carrying out similar operations.

    Are PRC guilty? I think so but I do think that it is probably matched by what occurs at Langley, Virginia and The Doughnut, Cheltenham.

    Gary, I have no intention of turning this in that type of thread..

    I was simply giving a factual account of the only instances I am aware of outside parties trying to hack my systems.

    When we have security consultants come in and poke around, my tools usually pick up some of their activity fairly quickly.

  • arnipetursson (10/31/2014)


    Gary Varga (10/31/2014)


    Please don't turn this into a "PRC are attacking us" thread. There are plenty of governments, mine included (UK), which are performing various nefarious activities online. I am not religious but I think that the various holy books contain a great deal of wisdom. In this case "let he without sin cast the first stone" i.e. don't have ago at PRC when ones own government are carrying out similar operations.

    Are PRC guilty? I think so but I do think that it is probably matched by what occurs at Langley, Virginia and The Doughnut, Cheltenham.

    Gary, I have no intention of turning this in that type of thread..

    I was simply giving a factual account of the only instances I am aware of outside parties trying to hack my systems.

    When we have security consultants come in and poke around, my tools usually pick up some of their activity fairly quickly.

    My comment wasn't aimed at anyone in particular but we had already reached the half dozen posts mark. I think that the list of entities NOT trying to hack our systems is shorter than the list of people who ARE trying to hack it. At times it feels that the following is the only list I would trust:

      1) My Mum.

    Yep. That's about it. Not sure my Dad isn't trying either 😉

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Our spies are so terrifying they work in...The Doughnut!!!

    I suppose it's marginally more terrifying than if they were working at Toad in the Hole.

  • I wonder how many of the "hacks" are actually that rather than the more low-tech version where someone accidentally or otherwise allows someone else to access his/her username & password? I have heard usernames and passwords shouted across an office with members of the general public only feet away. I'm sure readers of this forum will have similar horror stories. You'd think that in today's world people would be really careful but this is far from the case in my experience.

    Education and training can remove so many of the low-tech routes with (comparatively) low cost. Get these low-hanging fruit and at least we make the hackers work hard for their money!

  • Eric M Russell (10/31/2014)


    dbishop (10/30/2014)


    Yes they are, or are browsing as part of their job. Like when I go into a Best Buy and tell them I can buy product X on Amazon for $100 cheaper, they will browse to the Amazon site to verify. And I am sure that with that capability, they are using it for other things.

    A POS terminal with open USB port, internet connectivity, or unencrypted wifi is just plain stupid. I'd expect to that at a small owner operated shop (where I prefer to use cash), but not at a national retailer.

    There are a lot of things that are stupid here. Major corporations get hacked because of stupid decisions and they have to "disclose it to the public" and move on with their lives. Small companies get hacked and there's no announcement and they move on with their lives. Many stupid decisions at companies are made and there aren't any repercussions except bad press, which seems to be so plentiful now that nobody cares any more. Home Depot's "We sell hammers" quote in response to implementing security comes to mind.

    The terms and conditions, terms of service, implied consent and notice of privacy practices that allows selling/sharing person data only serve to make the whole situation worse and more in the hands of the lawyers than anyone else. Don't get me started on the international impunity that so many companies operate under.

    Until people are held accountable for their decisions and people grow a brain to actually address security for real, we're all subject to the same meaningless, legalized corporate apology that's getting more and more common.

    Sorry, but this touched a raw nerve with me. I'll stop the rant and get off my soap box.

  • Home Depot's "We sell hammers" quote in response to implementing security comes to mind.

    Home Depot's corporate and IT headquarters are based here in Atlanta. I almost took a job offer there once, but rumor in IT circles is that they weren't anywhere near the cutting edge. It seems like they always have "immediate openings".

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • What these retailers need is encryption capability embedded in the card scanner devices. This is so obvious, I'm sure it's already an option. The further upstream data is encrypted, then the less chance it can be compromised while flowing downstream through less than ideal end users, operating systems, and network infrastructure.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • The timing of this article being republished is interesting because the day before, I received a spam email demanding a ransom of USD5000 in Bitcoin within 48 hours, otherwise my 'misdemeanours' would be revealed to my family, friends and co-workers.
    The only thing true in the entire email was my password and that password is only used on one site....SQLServerCentral.com.
    I immediately changed my password for the site and alerted colleagues whom I knew also had SQL Server Central accounts.
    Of course I didn't pay the ransom and lo and behold........nothing happened!
    It does make me wonder though: how did they get hold of my password?

  • Lempster - Wednesday, August 8, 2018 2:12 AM

    The timing of this article being republished is interesting because the day before, I received a spam email demanding a ransom of USD5000 in Bitcoin within 48 hours, otherwise my 'misdemeanours' would be revealed to my family, friends and co-workers.
    The only thing true in the entire email was my password and that password is only used on one site....SQLServerCentral.com.
    I immediately changed my password for the site and alerted colleagues whom I knew also had SQL Server Central accounts.
    Of course I didn't pay the ransom and lo and behold........nothing happened!
    It does make me wonder though: how did they get hold of my password?

    I would almost guarantee that either there's a process/virus on your machine scanning cookies, or you used this password somewhere else. We've never been hacked that we've been able to trace. We've always found the few complaints to be due to some other process. We one way hash the passwords, never keep them here.

  • Lempster - Wednesday, August 8, 2018 2:12 AM

    The timing of this article being republished is interesting because the day before, I received a spam email demanding a ransom of USD5000 in Bitcoin within 48 hours, otherwise my 'misdemeanours' would be revealed to my family, friends and co-workers.
    The only thing true in the entire email was my password and that password is only used on one site....SQLServerCentral.com.
    I immediately changed my password for the site and alerted colleagues whom I knew also had SQL Server Central accounts.
    Of course I didn't pay the ransom and lo and behold........nothing happened!
    It does make me wonder though: how did they get hold of my password?

    It wouldn't happen to have been this particular scheme, would it?
    https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
    Personally, if I got one of those e-mails I might (depending on my mood) have some fun with the extorter.  After all, it's kind of hard for them to have the material they claim, if I don't even have a webcam on my computer...

    More likely though, if it even got past the spam filters, I'd glance at it and delete it and never think about it again.  Other than figuring out which account the password came from and promptly changing said password...

Viewing 15 posts - 46 through 60 (of 63 total)

You must be logged in to reply to this topic. Login to reply